Code Access Security Best Practices

From: Annie (itsanniehere_at_hotmail.com)
Date: 05/05/04
Date: 5 May 2004 00:44:56 -0700

Hi,

I am trying to create some architecture guidelines for a corporate
environment. I am thinking mainly about code running on the local
computer, but that I want to protect against invasion as much as
possible if compromised.

I would like to be able to write the .NET assemblies we create with
the "principle of least privilege". I realise that there are
limitations with running some of the native .NET system Assemblies
that do not have the AllowPartiallyTrustedCallers attribute, as they
require Full Trust. Worse, all our assemblies are strong named, so I
start not being able to call between them because of the implicit
LinkDemand without Full Trust.

So, to work around this, what I was hoping to be able to do is run the
assembly as Full Trust, but remove permissions on a case-by-case basis
using the RequestRefuse attribute on each assembly. A code review
before the project is released can check that the permissions are
appropriate. All nicely controlled. However, if any permissions are
voluntarily removed from a Full Trust assembly, then it becomes
partially trusted, and I am back to square one.

Given that, can anyone tell me what the accepted model of working is
with .NET Code Access Security? Do I have to give up and allow Full
Trust in practice (the equivalent to logging on using Administrator or
sa)? Can I lock all other code down, and only allow Full Trust to (for
example) the public key of our assemblies?

Is there anywhere a FULL list of what I actually can't do in the .NET
Framework if I do not have Full Trust?

Thanks,

Annie.
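For readers following the thread, here is an added example (not from the post or from any product) of the declarative CAS mechanics the question describes, written against the .NET Framework 1.1/2.0 API: a strong-named library that opts in to partially trusted callers with AllowPartiallyTrustedCallers, refuses permissions it never needs with RequestRefuse, and states its minimum grant with RequestMinimum. The assembly name Corp.Reporting, the report directory and the refused permissions are assumptions; the strong-name key file is not shown.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Assembly-level declarations for the hypothetical strong-named library "Corp.Reporting".
// 1. Let partially trusted callers in: without this, every public entry point of a
//    strong-named assembly carries an implicit LinkDemand for Full Trust.
[assembly: AllowPartiallyTrustedCallers]
// 2. Refuse what this assembly never needs. Any RequestRefuse means the assembly no
//    longer runs with Full Trust, which is the trade-off the post is asking about.
[assembly: SecurityPermission(SecurityAction.RequestRefuse, UnmanagedCode = true)]
[assembly: RegistryPermission(SecurityAction.RequestRefuse, Unrestricted = true)]
// 3. Declare the minimum the assembly needs; the loader rejects the assembly up front
//    if policy does not grant it, instead of failing deep inside a call.
[assembly: FileIOPermission(SecurityAction.RequestMinimum, Read = @"C:\Reports")]

namespace Corp.Reporting
{
    public sealed class ReportReader
    {
        private ReportReader() { }

        // Ask whether the current grant set allows a read, without raising a
        // SecurityException. Handy for a diagnostic that lists what a deployed
        // assembly can actually do under the machine's CAS policy.
        public static bool CanRead(string path)
        {
            IPermission p = new FileIOPermission(FileIOPermissionAccess.Read, path);
            return SecurityManager.IsGranted(p);
        }

        // The read itself still triggers a full stack-walk Demand inside FileStream;
        // a failure here means policy (or our own RequestRefuse) denied the access.
        public static string ReadReport(string path)
        {
            try
            {
                using (StreamReader reader = new StreamReader(path))
                {
                    return reader.ReadToEnd();
                }
            }
            catch (SecurityException ex)
            {
                return "denied: " + ex.Message;
            }
        }
    }
}
```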